yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 16:35:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

Parse HelloVerifyRequest buffer overread: add changelog entry

Browse Source
This commit is contained in:
Gilles Peskine 2019-09-27 14:07:00 +02:00
parent d5c4a7cc11
commit afbcf97c20
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -20,6 +20,8 @@ Security
timings on the comparison in the key generation enabled the attacker to timings on the comparison in the key generation enabled the attacker to
learn leading bits of the ephemeral key used during ECDSA signatures and to learn leading bits of the ephemeral key used during ECDSA signatures and to
recover the private key. Reported by Jeremy Dubeuf. recover the private key. Reported by Jeremy Dubeuf.
* Fix a potentially remotely exploitable buffer overread in a
DTLS client when parsing the Hello Verify Request message.
Bugfix Bugfix
* Remove redundant line for getting the bitlen of a bignum, since the variable * Remove redundant line for getting the bitlen of a bignum, since the variable